[SCM] Debian packaging of CGI::Application::Plugin::RateLimit branch, master, updated. upstream/1.0-10-gefbfa3a
gregor herrmann
gregoa at debian.org
Thu Jun 14 20:54:47 UTC 2012
The following commit has been merged in the master branch:
commit 7584adaba2b792a6ade395f5a75ccc4bffa84a04
Author: gregor herrmann <gregoa at debian.org>
Date: Thu Jun 14 22:45:04 2012 +0200
Add short description and improve long description.
Thanks: Frederik Schwarzer for the bug report and the proposed patch.
Closes: #677495
diff --git a/debian/control b/debian/control
index a214a54..42538b6 100644
--- a/debian/control
+++ b/debian/control
@@ -20,7 +20,7 @@ Breaks: libcgi-application-extra-plugin-bundle-perl (<< 0.5)
Replaces: libcgi-application-extra-plugin-bundle-perl (<< 0.5)
Enhances: libcgi-application-perl
Recommends: libcgi-application-plugin-dbh-perl
-Description: unknown
+Description: Perl module for limiting the runmode call rate per user
CGI::Application::Plugin::RateLimit provides protection against a user
calling a runmode too frequently. A typical use-case might be a contact form
that sends email. You'd like to allow your users to send you messages, but
@@ -36,3 +36,21 @@ Description: unknown
To use this module you must create a table in your database with the
following schema (using MySQL-syntax, although other DBs may work as well
with minor alterations):
+ .
+ CREATE TABLE rate_limit_hits (
+ user_id VARCHAR(255) NOT NULL,
+ action VARCHAR(255) NOT NULL,
+ timestamp UNSIGNED INTEGER NOT NULL,
+ INDEX (user_id, action, timestamp)
+ );
+ .
+ You may feel free to vary the storage-type and size of user_id and action to
+ match your usage. For example, if your identity_callback() always returns an
+ integer you could make user_id an integer column.
+ .
+ This table should be periodically cleared of old data. Anything older than the
+ maximum timeframe being used can be safely deleted.
+ .
+ IMPORTANT NOTE: The protection offered by this module is not perfect.
+ Identifying a user on the internet is very hard and a sophisticated attacker
+ can work around these checks, by switching IPs or automating login creation.
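Review bot: In the added schema, the column line `timestamp UNSIGNED INTEGER NOT NULL` has the type and its attribute in the wrong order for the MySQL syntax that the preceding context line promises. A MySQL column definition takes the attribute after the type, so the line should read `timestamp INTEGER UNSIGNED NOT NULL`, otherwise a reader who pastes the statement gets a syntax error. If the text is copied verbatim from the upstream POD, the correction is worth forwarding upstream too. Please also check that the SQL lines carry at least two leading spaces in debian/control, so the long description renders them verbatim instead of word-wrapping them into a paragraph; as shown here they start with a single space.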
--
Debian packaging of CGI::Application::Plugin::RateLimit